MailScanner: Found dangerous Object Codebase/Data tag in HTML message

Stephen Swaney steve.swaney at fsl.com
Fri Oct 28 21:43:04 IST 2005 

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On
> Behalf Of Information Services
> Sent: Friday, October 28, 2005 4:26 PM
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Re: MailScanner: Found dangerous Object Codebase/Data tag in HTML
> message
> 
> sendmail[8529]: j9SHoPAn008529:
> from=<personalfinance-html-return-566-
> btinius=lovebox.com at mail2.marketwatchmail.com>,
> size=23641, class=-60, nrcpts=1,
> msgid=<200510281750.j9SHoPAn008529 at mail.lovebox.com>, proto=SMTP,
> daemon=MTA, relay=l-qmqp2.marketwatchmail.com [63.240.173.124]
> 
> MailScanner[25119]: Message j9SHoPAn008529 from 63.240.173.124
> (personalfinance-html-return-566-
> btinius=lovebox.com at mail2.marketwatchmail.com)
> to lovebox.com is not spam, SpamAssassin (score=-0.134, required 3,
> ALL_TRUSTED -1.00, AWL 0.40, BAYES_00 -2.60, HTML_EMBEDS 0.21,
> HTML_MESSAGE 0.00, HTML_NONELEMENT_00_10 0.00, HTML_WEB_BUGS 0.04,
> INVALID_DATE 0.24, MIME_HTML_ONLY 0.18, MIME_QP_LONG_LINE 0.04,
> MISSING_MIMEOLE 0.01, MORTGAGE_RATES 0.20, MSGID_FROM_MTA_HEADER 0.05,
> SARE_HTML_JVS_FLASH 0.99, SARE_URI_REFID1 1.11)
> 
> MailScanner[25119]: Content Checks: Detected and have disarmed HTML
> message in j9SHoPAn008529 from
> personalfinance-html-return-566-
> btinius=lovebox.com at mail2.marketwatchmail.com

It's still hitting one of the other HTML checks. Try setting up rulesets
for:

Allow IFrame Tags = 
Allow Form Tags =
Allow Script Tags =

Also you might want to make the rule sets read:

From:         marketwatchmail.com     disarm
# Under no circumstances should this be changed to "yes".
FromOrTo:     default                 no

Steve

Stephen Swaney
Fort Systems Ltd.
stephen.swaney at fsl.com
www.fsl.com
 
> 
> 
> On 10/28/05, Stephen Swaney <steve.swaney at fsl.com> wrote:
> > > -----Original Message-----
> > > From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On
> > > Behalf Of Information Services
> > > Sent: Friday, October 28, 2005 4:05 PM
> > > To: MAILSCANNER at JISCMAIL.AC.UK
> > > Subject: MailScanner: Found dangerous Object Codebase/Data tag in HTML
> > > message
> > >
> > > Okay,
> > >
> > > I had a user that wanted to receive a newletter, but it was being
> blocked.
> > > Looking through the archives I found what I need to do to take care of
> > > this problem.  I edited MailScanner.conf and changed to:
> > >
> > > Allow Object Codebase Tags = /etc/MailScanner/rules/object.code.rules
> > >
> > > The contents of object.code.rules:
> > >
> > > # This file is to allow Object Codebase Tags from APPROVED domains.
> > > # This next line gives an example of how you might enable this option
> for
> > > # a frequent customer of yours.
> > > #From:                yourcustomer.com        yes
> > > From:         marketwatchmail.com     yes
> > >
> > > # Under no circumstances should this be changed to "yes".
> > > FromOrTo:     default                 no
> > > #
> > > #
> > >
> > >
> > > I stopped MailScanner, and sendmail,  did a ps -ef | grep ail to make
> > > sure MailScanner and sendmail did in fact stop. Then started
> > > MailScanner again.  I am trying to release the message to the user,
> > > but it continues to be blocked.  What am i missing?  I went into
> > > /var/spool/MailScanner/archives/%date%/%files% and tried to open them
> > > in a browser but they are garbled up.  What do I need to do in order
> > > to get this newsletter to the user?
> > >
> > > Casey
> >
> > What do the log files say about the message?
> >
> > Steve
> >
> > Stephen Swaney
> > Fort Systems Ltd.
> > stephen.swaney at fsl.com
> > www.fsl.com
> >
> > ------------------------ MailScanner list ------------------------
> > To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> > 'leave mailscanner' in the body of the email.
> > Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> >
> > Support MailScanner development - buy the book off the website!
> >
> 
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> 
> Support MailScanner development - buy the book off the website!

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list